

These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm.

matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
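One way to express the fix described above, as an added example that is not code from matrix-ios-sdk or any other Matrix SDK: a gate that passes a to-device event on to decryption only when its envelope algorithm is Olm, and records everything it drops. The function names, action labels and sample batch are hypothetical and constructed for illustration; only the Matrix event type and algorithm strings are real identifiers.

```javascript
// Added example; names other than the Matrix type/algorithm strings are hypothetical.
const OLM = "m.olm.v1.curve25519-aes-sha2";
const MEGOLM = "m.megolm.v1.aes-sha2";

// Decide what to do with one to-device event before any decryption is attempted.
function checkToDeviceEvent(event) {
  if (!event || typeof event !== "object" || typeof event.type !== "string") {
    return { action: "drop", reason: "malformed" };
  }
  if (event.type !== "m.room.encrypted") {
    // Assumption: cleartext to-device events are judged by a separate policy.
    return { action: "passthrough", reason: "not-encrypted" };
  }
  const algorithm = event.content ? event.content.algorithm : undefined;
  if (algorithm === OLM) return { action: "decrypt", reason: "olm" };
  // Megolm is a room-message algorithm; seeing it here is the confusion case.
  if (algorithm === MEGOLM) return { action: "drop", reason: "megolm-on-to-device" };
  return { action: "drop", reason: "unexpected-algorithm" };
}

// Split a batch and keep a record of drops for logging and alerting.
function filterToDevice(events) {
  const result = { decrypt: [], passthrough: [], dropped: [] };
  for (const event of events) {
    const verdict = checkToDeviceEvent(event);
    if (verdict.action === "drop") {
      result.dropped.push({ sender: event ? event.sender : undefined, reason: verdict.reason });
    } else {
      result[verdict.action].push(event);
    }
  }
  return result;
}

// Constructed sample batch (senders, keys and ciphertexts are placeholders).
const sampleBatch = [
  { type: "m.room.encrypted", sender: "@alice:example.org",
    content: { algorithm: OLM, sender_key: "PLACEHOLDER", ciphertext: {} } },
  { type: "m.room.encrypted", sender: "@mallory:example.org",
    content: { algorithm: MEGOLM, session_id: "PLACEHOLDER", ciphertext: "PLACEHOLDER" } },
  { type: "m.room.encrypted", sender: "@bob:example.org", content: {} },
  { type: "m.room_key_request", sender: "@alice:example.org", content: {} },
  null,
];

const sampleResult = filterToDevice(sampleBatch);
console.log(JSON.stringify(sampleResult.dropped, null, 2));
```

A dropped entry with reason `megolm-on-to-device` is worth alerting on, since a Megolm envelope has no legitimate place on the to-device channel.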

To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verification methods until patched.

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript.
